PROPOSALS OF GRAPH BASED CIPHERS, THEORY AND ...

PROPOSALS OF GRAPH BASED CIPHERS, THEORY ANDIMPLEMENTATIONSAndrzej PaszkiewiczInstitute of Telecommunications, Technical UniversityNowowiejska 15/19, 00-665 Warsaw, PolandE-mail: anpa@tele.pw.edu.plAnna Górska, Karol Górski,ENIGMA Systemy Ochrony Informacji Sp.z.o.o.Cietrzewia 8, 02-492 Warsaw, PolandE-mail: ania, karol@enigma.com.plZbigniew Kotulski, Kamil Kulesza, Janusz SzczepańskiInstitute of Fundamental Technological Research, Polish Academy of SciencesŚwiętokrzyska 21, 00-049 Warsaw, PolandE-mail: zkotulsk, kkulesza, jszczepa@ippt.gov.plABSTRACTGraphs may be used for the design of streamciphers, block ciphers or public-key ciphers. Thispaper presents a method of using paths between apair of graph vertice for designing effectivepolyalphabetic substitution ciphers. A similarmethod can be developed basing on cut-sets orspanning trees. The period of alphabetchangeovers is equal to the number of pathsbetween a pair of selected vertices on the graph,the number of spanning trees, cut-sets or is amultiple of these values.The results of statistical tests and an assessment ofthe cryptographic strength of these ciphers arepresented. Also proposed are modifications ofthese ciphers based on modifying the labels ofvertices or edges (arcs) of the graph. Thesemodifications influence the statistical propertiesand period lengths.1. INTRODUCTIONA significant demand exists for newnon-standard cryptographic methods (see, e.g.,[1], [2]). In addition to traditionally employedfor this purpose branches of mathematics suchas algebra, Boolean function theory,information and coding theory [3] and classicalprobability theory, other branches, particularlydiscrete mathematics and chaos theory [4] mayalso be used. In discrete mathematics, graphtheory appears to be a good source of nonstandardmethods. Graph theory providesexamples of problems characterized by largecomputational complexity [5]. Problems suchas the search for the shortest (weighted)Hamiltonian cycle are known to be NPcomplete.Also, the number of variousstructures which may be created on a givengraph, e.g. the number of paths or the numberof cut sets between a pair of graph vertices orthe number of spanning trees grows muchfaster than exponentially [6]. This may form agood foundation for the design of efficient andsecure ciphers, more secure than the ciphersproposed in the past.Graphs may be used for the design ofstream ciphers, block ciphers or public-keyciphers [7]. This paper presents a method ofusing paths between a pair of graph verticesand spanning trees for designing effectivepolyalphabetic substitution ciphers. The periodof alphabet changeovers is equal to the numberof paths between a pair of selected vertices onthe graph, the number of spanning trees or is amultiple of these values.The results of statistical tests and anassessment of the cryptographic strength ofthese ciphers are presented. Also proposed aremodifications of these ciphers based onmodifying the labels of vertices or edges (arcs)of the graph. These modifications influence thestatistical properties and period lengths.The statistical tests carried out by theauthors show that promising results may beobtained already for relatively small graphsizes, e.g., 24 vertices. This translates to a

large efficiency of ciphers designed on thebasis of graph theory.Graphs can be also used for othercryptographic algorithms like: secret sharing,and authentication of streams of bits. In thepaper we present an idea of the graph-basedsecret sharing scheme. We indicate thepossibility of application of the graphs to somesimple authentication method which makespossible to identify the origin and to confirmcontents of the message.Before we present the examples of thegraph-based algorithms applied to all the listedcryptographic tools, we introduce thefundamental facts concerning graphs.2. MATHEMATICAL NOTATIONAs we mentioned, graphs, asmathematically complicated objects, can begood candidates for coding cryptographicelements, especially secret keys. However, toapply a certain graph for cryptographicpurpose we must know if it is connective andits structure is rich enough to guaranteesecurity of the graph-based cryptosystem. Inthis section we present some theoreticalresults, that later are used for in construction ofalgorithms. The goal is to make themsufficiently general in order to providetheoretical foundation for various cryptologicalapplications. Hence once theorems and proofsare stated, remarks are provided showingoptions for possible modifications.We start the presentation of resultsfrom introduction of basic notations. Let G bethe graph with e edges and v vertices. Then wehave:X is the set of vertices of the graph G,X = { x , 1x2,...,x v};U is the set of edges of the graph G;U ⊂ X × X , U = { u , 1u2,...,u e};u ( x,y)is the edge linking the vertices x and yand u H ( x,y)is the directed edge starting at xand ending at y;Sx is a tagged vertex, called the initial one;Tx is another tagged vertex, called the finalone;µ is the path, that is the sequence of vertices,such that every neighbors have an edge linkingthem (alternatively: a sequences of edges suchthat every neighbors have a common vertex);Γ is a function mapping the set of vertices tothe set of subsets of vertices,XΓ : X → 2in such a way, thatΓ ( x)= { y ∈ X : u(x,y)∈U},Γ (x) is the set of vertices following the vertexx (for the non-directed graphs: the set ofneighbors of the vertex x);−1Γ is the function inverse to Γ;Γ −1 ( x)is the set of vertices preceding thevertex x (for the non-directed graphs:1Γ − ( x)= Γ(x));K (v) is the complete graph with v vertices;deg(x ) denotes the degree of the vertex x andDEG (G) is the degree of the graph G (thesum of degrees of all vertices in the graph G).We introduce the vector WAY as a register ofvariable length, where we store the sequenceof vertices of the path linking the initial vertexSTx and the final vertex x .The conditions that should be satisfiedby the graph applied in our cryptosystem arepresented in the following series of statements.Theorem 1Graph G with v vertices is connective if( v −1)(v − 2)e ≥+ 12Outline of proof:One shows for the graph G with v vertices:a. The existence of a non-connective graph( v −1)(v − 2)with e =edges;2b. The property that graph with( v −1)(v − 2)e =+ 1 edges cannot be2partitioned into disjoined (non-connective)subgraphs.Corollary 1.1Maximal edges difference between K (v)andthe graph satisfying conditions of Theorem 1 isv − 2

Corollary 1.2( v −1)(v − 2)In the graph G, e ≥+ 1 implies22v − 3v+ 4 ≤ DEG(G)Theorem 22Graph G, such that v − 3v+ 4 ≤ DEG(G),will have minimum v − 2 vertices of degree atleast v − 3 .Corollary 2.12The graph G, such that v − 3v+ 4 ≤ DEG(G),will have maximum 2 vertices of degree lowerthan v − 3 .Corollary 2.2In the graph G satisfying the condition2v − 3v+ 4 ≤ DEG(G), such that, every vertexx of deg( x ) ≥ v − 3 will be connected withminimum v − 5 vertices of deg( x ) ≥ v − 3 .Theorem 3In any graph maximal number of vertices ofdeg = v −1 is limited to the lowest degree ofthe vertex in the given graph.Corollary 2.3Graph G with v vertices and2v − 3v+ 4 ≤ DEG(G)can have only onevertex of degree 1. Moreover:a. Such a vertex can be connected only withthe vertex of degree v −1b. Subgraph G’ created by removing thevertex of degree 1 from graph G will becomplete.Outline of proof:Corollary 2.3 results from Theorem 3, somecombinatorial reasoning and a simplecomputation.Lemma 1In the graph G, such that2v − 3v+ 4 ≤ DEG(G), any two verticesx i, i = 1,2 of degree deg( x i) ≥ v − 3 can beconnected by a path of the length of 2 edges.Outline of proof:One should consider three cases, where thegraph G has:a. v vertices, x i, i = 1,2,...,v , withdeg( x i) ≥ v − 3,b. one vertex x 1with deg( x 1) < v − 3 andv −1 vertices, x i, i = 2,3,...,v , withdeg( x i) ≥ v − 3,c. two vertices, x 1, x2ofdeg( x1),deg(x2)< v − 3 and v − 2 vertices,x i, i = 3,4,...,v , with deg( x i) ≥ v − 3.Each case should be proven separately usingtheorems stated above, combinatorialreasoning and simple computation.Lemma 2In the graph G such, that2v − 3v+ 4 ≤ DEG(G), any two vertices canbe connected by the path of the length of 3edges.Outline of proof:SAssume, x and x T are the starting and theending vertex of the path. The proof should bemade for three separate cases:S Ta. both vertices x and x have deg ≥ v − 3 ,b. one vertex is with deg < v − 3 anotherwith deg ≥ v − 3,c. both vertices have deg < v − 3 .Each case should be proven separately usingtheorems stated above and lemma 1,combinatorial reasoning and simplecomputation.Theorem 4In the graph G with v vertices and satisfying2the condition v − 3v+ 4 ≤ DEG(G), theminimal number N ( xS ) of paths such that:Sa. x is the starting point for the path;b. n is the number of edges in the path and2 < n < v − 3 ;c. each edge is used only once in the path;d. each vertex is used only once in the pathcan be calculated from the formulaSN(x ) = ( v − 5)( v − 6)...( v − 5 − ( n − 3)) =( v − 5)( v − 6)...( v − 2 − n)=n 3( v − 5)!= ∏ − ( v − 5 − c)= .c=0 ( v − 3 − n)!Outline of proof:Because theorem states “minimal number of

paths”, the worst case scenario (conditions forthe lowest numbers of path) should be found.Then it should be proven using theorems statedabove and combinatorial reasoning.Remarks:1. Theorem and proof were made fortheoretical worst case scenario, carefulanalysis shows that such strict conditionsare mutually exclusive, hence cannot holdboth. Further reasoning yields:N ( xS) = ( v − 3)n∏ − 3c=0( v − 5 − c)2. Eliminating condition d from Theorem 4can significantly increase N. In such casesit is also possible to create path with length2vn > v (n can even reach magnitude ), 2further increasing N.Theorem 5In the graph G, with v vertices and satisfying2the condition v − 3v+ 4 ≤ DEG(G), theS Tminimal number N( x , x , m)of paths suchthat:Sa. x is the starting point and x T is endingpoint of the path;b. m is a natural number and the path lengthis a number form the interval ( m , m + 2);c. each edge is used only once in the path;d. each vertex is used only once in the path,with the exception for last two vertices x’Tand x’’ preceding x , x’ and x’’ can comefrom vertices previously visited,can be calculated according toS TN(x , x , m)= ( v − 6)( v − 7)...( v − 6 − ( n − 2)) == ( v − 6)( v − 7)...( v − 4 − n),where n = m −1and 2 ≤ n ≤ v − 4 , providedthat at least one such a path can be found, orS TN( x , x , m)= 0otherwise.Outline of proof:Proof is based on the assumption that path canbe constructed. Then, it is shown that certainshorter paths can be constructed and thenumber of them is given by Theorem 4.Finally, Lemmas 1, 2 together with someprevious results (especially, corollaries toTheorem 2) show that the shorter path can belinked with x T in a fixed number of steps.Such composed paths will fulfill conditions ofTheorem 5 and their minimal number can beprovided.Remark:If some assumptions are lifted (say b. and/ord.) similar results can be found. In such casesit may be required to introduce additionalassumptions about the path (specially itslength).3. GRAPH-BASED BLOCK CIPHERThe proposed algorithm uses pathsbetween two vertices of a graph. To constructthe series of paths we apply the table ofpreferences of visiting the vertices of thegraph. For every vertex x ∈ X , the table ofpreferences is a list of numbers of the verticesx i∈ X such that u( x,xi ) ∈Ugiving thesequence of visiting the points x i. The ciphergraph G must be defined in such a way, that itis connective and it has exactly 256 edges; thismeans that it has at least 24 vertices (We bearin mind the conclusion of Theorem 1). Next,we assign to all the edges u j, j = 1,2,..., 256 , ina random way, the binary numbers of the range0 ...255, called the labels k j , j = 1,2,..., 256(assuming that all the labels are different). Toobtain the working path for the encryption theactual character, one performs an algorithm offinding paths between two vertices, x S andTx ; the numbers of the vertices belonging tothe generated path are written, in sequence, inthe vector WAY; this vector is returned alwaysafter application of the procedure of searchingthe next path between x S and x T . Finally,u , ,...,iuiu are the edges belonging to ther r− 1 1STpath linking x and x , written in the inverseorder.To complete the algorithm ofencryption the characters, we define acryptographically strong bijective map(permutation) Π ,Π :{0,1,...,255}→{0,1,...,255},

and the cyclic shift to the left with b bits(denoted by the symbol

simplicity of calculations in this presentation,we assume l = L = 8 , so the other spaces usedin the cryptosystem are: P = { 0,1} 8, C = { 0,1} 8.The basic graph G of the cryptosystemhas v vertices and e edges; each vertex andedge has its individual number. Every edge ofthe graph is associated with the label beingsome 8-bit number. Every vertex has itsindividual table of preferences which describessequence of the neighbor vertices when thepaths are constructed. The secret keys used inthe cryptosystem are the subgraphsk i, i = 1,2,..., generated from the basic graph G(e.g., the paths of certain length starting from aSfixed vertex x ) according to some rule basedon the tables of preferences associated to thevertices of the graph.A certain subgraph k, being the secretkey in our cryptosystem, can be interpreted asa sequence of words (bytes, elements of thespace { 0 ,1} 8, the labels associated to the edgesof the subgraph) of random length r (the lengthis dependent on the way the path is generated)of the form1 2 rk = ( k , k ,..., k ).Now, the cipher function F (.,.) is thejcomposition of r round operation f ( k ,.) ,where in each round subkey (the label assignedjto the graph edge) k of the key k is appliedand the initial plaintext s = s1is iteratedaccording tojsj + 1= f ( k , sj), j = 1,2,..., r,and the output of F (.,.) is c = s r+ 1. Everyround should be built according to usualconditions to guarantee good cryptographicproperties of F (.,.) (see, e.g., [12]). In theparticular case of our cipher we applied theXOR operation of the subkey k j and theplaintext sjand permutation of bits in theresulting byte.The general scheme presented in thissection is now implemented for certain graphscheme.5. STREAM CIPHERTo apply the algorithm of the graph cipherapplied for bits generation one must do thefollowing.1) Construct the graph G with v vertices and e( v −1)(v − 2) v(v −1)edges,+ 1 ≤ e ≤ ;22p2) Assign the labels k ∈[0,255],p = 1,2,...,n, to the edges;3) Assign the tables of preferences to thevertices of the graph;4) Choose the seed s ∈[0,255];5) Choose the way to generate the keys1 2 rki= ( ki, ki,..., ki) , e.g.,Sa) choose the initial vertex x 1andgenerate a long path starting from it,using the tables of preferences (e.g., thelength of the path is 18),b) choose all the 8 element subsets of theedges from this path and place theirnumbers to rows of the table in anatural order (leaving the order ofedges governed by the pathunchanged),c) change the order the rows of the matrixin a random way using thepseudorandom numbers generator forthe indexes of rows, obtaining the keysj 28( )1 j, ,..., jki= kikiki, i = 1,2,...,imax,6) Generate the sequence of bits according to:G(s)= F ( s)|| F ( s + 1) || F ( s + 2) ||...k1k2.... || Fk i( s + imax−1),maxwhere addition of the function’s argument8is modulo 2 .7) Select next path and repeat the procedureof points 5b, 5c, 6. After exploiting all thepaths starting from the vertex x S1, chooseother initial vertices x S i,k3i = 2,3,...,v andcontinue the procedure of points 5, 6.The final step of the procedure is statisticalverification of the generated stream of bits.6. PUBLIC-KEY CRYPTOSYSTEMThe scheme for public-keycryptosystem called “Polly Cracker” can befound in [7]. The general idea behind thisscheme is to:a. construct polynomials over finite field F;nb. take an arbitrary vector z ∈ F as a private

key and the subset B = { q i} of thepolynomials over finite field F, such that,for every i, q i( z)= 0 , as a public-key;c. encrypt a message m obtaining cipherpolynomial C using the public-key (arandomly chosen element generated by B);d. message m can be decrypted by finding thevalue of polynomial C at z.Having described public-keycryptosystem “Polly Cracker”, one can moveto its special case based on graph 3-coloring.The problem of graph 3-coloring is NP class.To formulate the cryptosystem in terms ofgraph theory, we introduce:The public-key is the graph G ( X , U ) , that isthe graph with the set of vertices X and the setof edges U;The private key is the proper 3-coloring of thegraph using colors c ∈{ 1,2,3}and the mapassigning x = c for x ∈ X , according tograph 3-coloring rule.Once graph 3-coloring is known, thebase B = B(G)is constructed. B is constructedfrom a polynomial derived from the variables{ t x,c}, and B = B1 ∪ B2∪ B3forB = t + t + t −1:x ∈ XB{x,1x,2x,3}{ tx, ctx,d: x ∈ X , c ≤ { 1,2,3}{ t t : u(x,y ∈U}12= d ∈B3=x,c y,c)Then, the zero point of all polynomials from Bcan be computed by taking t 1, if thex, c=vertex x has color c, and 0 otherwise.Further references to this public keycryptosystem will be given in the secretsharing section.In a similar way other graph based“Polly Cracker” schemes can be constructed.One of the examples can be “perfect code”graph described in [7].All these implementations, likedescribed above graph 3-coloring system,have the following features:a. knowing G ( X , U ) is equivalent toknowing subset B = { q i} of polynomialsover finite field F;b. knowing NP class problem (resulting fromgraph structure) is equivalent to knowingnvector z ∈ F ;c. encryption process takes place like ingeneral “Polly Cracker” description;d. to decrypt message m, value of receivedpolynomial (derived from the graphG ( X , U ) structure) at z should becalculated.7. SECRET SHARINGGraphs have applications to secretsharing on two levels:a. theoretical research into secret sharingproblems;b. as structures used for secret sharingschemes.Concerning the first application,theoretical results will be presented, the mostof them coming from [13]. Let us define thescheme of the method. Thus, let:P denotes the set of w participants of thesecret, where w is an integer;K denotes the shared key;Γ is the access structure, that is, the set ofsubsets of P. The elements of Γ are thosesubsets of participants that should be able tocompute the key. Such subsets in Γ are calledauthorized subsets;S is the set of the shares created by the keydistribution rule (function) f : P → S .A perfect secret sharing schemerealizing the access structure Γ is a method ofsharing the secret key K among the participantsfrom P in such a way that the following twoproperties are satisfied :1. If an authorized subset of participantsB ⊆ P pool their shares, then they candetermine the value of K.2. If an unauthorized subset of participantsB ⊆ P pool their shares, then they candetermine nothing about the value of K.In a perfect secret sharing scheme realizing anaccess structure Γ , the information rate for Piis the ratiolog2Kqi= ,log2S(Pi)where S ( P i) denotes the set of possible sharesthat Pimight receive and S( P i) ⊆ S .The information rate of the scheme is

denoted by q and is defined asq = min { qi : 1 ≤ i ≤ w}, where w is the totalnumber of participants of the secret as definedabove. Optimal perfect sharing scheme hasq = 1. Such a scheme is called the ideal one.Once basic terms are established sometheoretical results and methods can bepresented :Graphs can be used to visualize andease design of access structures. For example,monotone circuit construction method is usedfirst to build a monotone circuit that“recognizes” the access structure, and then tobuild the secret sharing scheme from thedescription of the circuit.Yet, more general theoretical result canbe stated. Suppose, G ( X , U ) is a completemultipartite graph. Then, there is an idealscheme realizing the access structure Cl(U ) onthe participant set X. ( Cl(U ) , the closure of U,means that all edges of the graph are used inthe access structure). This short and elegantresult, although at first looks like another“existence” theorem, is indeed powerful tool inconstruction access structures for sharingschemes.After describing theoretical componentsome more practical results will be presented.Graph n-coloring finds applications in manyfields of cryptography. Two examples are :a. public-key cryptosystem “Polly Cracker”bases on graph 3-coloring;b. zero-knowledge proof based on graph 3-colorability.Two approaches to secret sharing forgraph n-coloring will be presented. Due to thelack of space only rough sketch of idea behindsolutions will be shown. The volume ofinformation required for detailed descriptionwould easily fill whole paper.1. The participants do not know underlyinggraph structure G ( X , U ) .In this case G is extended by some newedges and possibly some vertices. Then,graph divided into w pieces (number ofparticipants) according to wanted accessstructure. Depending on the boundaryconditions (n, w, access structure, andgraph extension algorithm) decent resultscan be presented. They are usually ofcombinatorial nature, hence allowing good“bottom” estimates of the structurestrength. At this moment we are workingon their generalization to one elegantmodel.2. The participants know underlying graphstructure G ( X , U ) .The example of such a problem is thepublic-key cryptosystem “Polly Cracker”based on graph 3-coloring, since G ( X , U )is a public-key in this case. Hence, methodused above (adding edges, vertices andsharing) cannot be applied.Even in such case guidelines for efficientsecret sharing can be found. They heavilydepend on the structure of G, but what maycome as a surprise: secret can be shared inan efficient way among number ofparticipants w > n (the number of colors).Certainly, such secret sharing scheme willnot be perfect but, yet, can be made of NPcomputational complexity for specialcases. Yet, again authors are busy workingon their generalization to one elegantmodel.Other results concerning secret sharingcan be found in [14], [15]. There are also someresults concerning zero-knowledge proofs, theprotocols based on graph isomorphism andgraph 3-colorability.8. AUTHENTICATION OF DIGITALSTREAMSIn the paper [16] authors presented agraph-based scheme of authentication ofdigitals streams over a lossy networks. In theirmodel the data stream being authenticated isrepresented as a contiguous subset of packets{ P1, P2,..., P n}. For description of theauthentication procedure some directed graphwithout loops and with n nodes (vertices) isused. Every node of the graph corresponds tothe data packet of the same number. Onepacket in the stream, say Psig, is signed with apublic-key signature algorithm such as RSA.The directed edges of the graph, u H ( x i, xj) ,connecting the i-th and j-th node inform thatthe hash function of the packet P iis placed in

the packet P jif i > j , and some MessageAuthentication Code (MAC) of Piis placed inPjif i < j . If both the contents and source ofPjcan be authenticated then also the receiveris capable of verifying the contents and sourceof Pi. Any packet P ican be authenticated ifand only if there is a path from P ito thesignature packet P sigthat only includes nodescorresponding to received (that is, not lostduring transmission) packets. Therefore oneshould construct the authentication graph that(in some reasonable frames) it maximizes theprobability Pr ( Pi → P sig) of linking P iandPsigby the path. Examples of such schemesare presented in the paper [16].9. NUMERICAL RESULTSThe encryption algorithm was based ona directed graph with 24 vertices and 256 arcs.Outgoing arcs from each vertex were randomlyassigned preference levels used during thecreation of paths through the graph. Each arcalso had a label selected randomly from the set{0..255} without repetitions. Additionally theencryption algorithm used a random singlecycle permutation.Using depth-first search successive 18-arc paths were selected, each starting from afixed vertex. For each path all 8 elementcombinations of the 18 arcs were generated inlexicographic order. Each such combinationwas used to encrypt a single plaintextcharacter. For the purpose of the statisticaltests the plaintext characters took onsuccessive values from the set {0..256}repeated as many times as needed.The encryption of a single characterwas performed in 8 stages with each stageconsisting of a bitwise sum modulo 2 of theplaintext character and the label of an arc fromthe current 8-element combination and thenthe application of the single cycle permutationto the result. The result of each stage becamethe input to the next stage. At each stage thenext arc from the current combination wasused. The result of the last stage became theciphertext character.The tests were carried out on:100 sequences of 10 Mbits10 sequences of 100 Mbits1 sequence of 1 Gbit.The tests performed and their resultsare shown in Table 1. Each entry consists ofthe number of tests which resulted in therejection of the null hypothesis in relation tothe total number of tests. All tests wereperformed with a significance level of 0.01.BIBLIOGRAPHY[1] http://csrc.nist.gov/encryption/aes/[2] http://www.cosic.esat.kuleuven.ac.be/nessie/[3] J.Berstel, D.Perrin, Theory of Codes,Academic Press 1985.[4] Z.Kotulski, J.Szczepański, K.Górski, A.Paszkiewicz, A. Zugaj, Application of discretechaotic dynamical systems in cryptography -DCC method; International .Journal ofBifurcation and Chaos. 9(6), 1121-1135, 1999.[5] K.C.Kakoulis, I.G. Tollis, On the complexityof the Edge Label Placement problem,Computational Geometry Theory andApplications 18(1), 1-17, Feb 2001.[6] R.Wilson, Introduction to Graph Theory,Addison Wesley, London 1996.[7] N.Koblitz, Algebraic Aspects of Cryptography,Springer-Verlag, Berlin 1998.[8] L.Fratta, U.G.Montanari, All simple paths in agraph by solving a system of linear equations,Nota Interna No. B71-11 of ConsiglioNalzonalk dells Riscerche, Institut diElaborazione Della Informazione, Pisa 1971,Oct;[9] G.S.Hura, Enumeration of all simple paths in adirected graph using Petri Net - a systematicapproach, Microel and Reliab. Vol. 23, No. 1pp. 157-159, 1983;[10] R.B.Misra and K.B.Misra, Enumeration of allsimple paths in a communication network,Microel. And Reliab. Vol. 20, pp. 419-426,1980;[11] A.Paszkiewicz, Przykłady zastosowań teoriigrafów do konstrukcji szyfrów, IV KrajowaKonferencja Zastosowań KryptografiiEnigma’2000, K-179-183.[12] J.Daemen, L.R.Knudsen, V.Rumen, LinearFrameworks for Block Ciphers, Designs, Codesand Cryptography 22, 65-87, 2001.

[13] D.R.Stinson, Cryptography. Theory andPractice. CRC Press, Boca Raton 1995.[14] G.Simmons, Geometric Shares Secret and/orShared Control Schemes, Adv. in Cryptology-Proc of CRYPTO’90, Springer Verl. 1991, pp.216-241;[15] G.Simmons, How to (really) share a secret,Adv. in Cryptology-Proc of CRYPTO’88,Springer Verl. 1990, pp. 390-448;[16] S.Miner, J.Staddon, Graph-BasedAuthentication of Digital Streams, preprintTable 1. The results of ststistical tests performed for the numerical dataTest10 Mbitsequences100 Mbitsequences1 GbitsequenceFIPS 140-1 test suite in 20000 bit 0 / 50000 1 / 50000 0 / 50000subsequencesequidistribution of 1 bit blocks in 16384 bit 633 / 61000 604 / 61030 605 / 61035subsequences (χ 2 test)equidistribution of 1 bit blocks in whole 2 / 100 0 / 10 0 / 1sequence (χ 2 test)equidistribution of 8 bit blocks in 131072 75 / 7600 77 / 7620 84 / 7629bit subsequences (χ 2 test)equidistribution of 8 bit blocks in whole 1 / 100 0 / 10 0 / 1sequence (χ 2 test)equidistribution of 48 bit blocks in 786432 15 / 1200 16 / 1270 12 / 1271bit subsequences (Kolmogorov-Smirnovtest)linear complexity in 1024 bit subsequences 9937 / 976500 - -randomness of Walsh-Hadamard power 82 / 6400 - -spectrum in 1024 bit subsequences of theinitial 65536 bit subsequence(Feldman’s test)randomness of Walsh-Hadamard power 0 / 100 - -spectrum in the whole initial 65536 bitsubsequence (Feldman’s test)entropy of 8 bit blocks in whole sequence - 0 / 10 0 / 1(Maurer’s test)entropy of 9 bit blocks in whole sequence - 1 / 10 0 / 1(Maurer’s test)entropy of 10 bit blocks in whole sequence - 0 / 10 0 / 1(Maurer’s test)entropy of 11 bit blocks in whole sequence - 0 / 10 0 / 1(Maurer’s test)entropy of 12 bit blocks in whole sequence - 0 / 10 0 / 1(Maurer’s test)entropy of 13 bit blocks in whole sequence - - 0 / 1(Maurer’s test)entropy of 14 bit blocks in whole sequence - - 0 / 1(Maurer’s test)entropy of 15 bit blocks in whole sequence(Maurer’s test)- - 0 / 1